Skip to main content

Wpb Show Core

6 CVEs product

Monthly

CVE-2024-1958 MEDIUM POC This Month

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-1956 MEDIUM POC This Month

The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-1292 MEDIUM POC This Month

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan
CVSS 3.1
4.7
EPSS
0.5%
CVE-2023-5974 CRITICAL POC Act Now

The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Wpb Show Core
NVD WPScan
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-4922 CRITICAL POC THREAT Act Now

The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wpb Show Core
NVD WPScan
CVSS 3.1
9.8
EPSS
15.7%
CVE-2022-3484 MEDIUM POC This Month

The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan VulDB
CVSS 3.1
6.1
EPSS
0.9%
EPSS 0% CVSS 4.8
MEDIUM POC This Month

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan
EPSS 0% CVSS 4.7
MEDIUM POC This Month

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Wpb Show Core
NVD WPScan
EPSS 16% CVSS 9.8
CRITICAL POC THREAT Act Now

The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wpb Show Core
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy